| Attribute | Value |
|---|---|
| Connector ID | ProofpointCCPDefinition |
| Publisher | Proofpoint |
| Used in Solutions | Proofpoint On demand(POD) Email Security |
| Collection Method | CCF |
| Connector Definition Files | ProofpointPOD_Definaton.json |
| CCF Configuration | ProofpointPOD_PollingConfig.json |
| CCF Capabilities | WebSocket, APIKey |
The Proofpoint On Demand Email Security data connector provides the capability to get Proofpoint on Demand Email Protection data. It allows users to check message traceability and to monitor email activity, threats, and data exfiltration by attackers and malicious insiders. The connector lets you review events in your organization on an accelerated basis and get event log files in hourly increments for recent activity.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| ProofpointPODMailLog_CL | ? | ✓ | ? |
| ProofpointPODMessage_CL | ? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions on the workspace are required.

Custom Permissions:
- Websocket API Credentials/permissions: ProofpointClusterID and ProofpointToken are required. See the documentation to learn more about the API.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
The PoD Log API does not allow the same token to be used for more than one session at the same time, so make sure your token isn't used anywhere else. The Proofpoint Websocket API service requires a Remote Syslog Forwarding license. Please refer to the documentation on how to enable and check the PoD Log API. You must provide your cluster id and security token.
1.1. Log in to the Proofpoint Management Console with Admin user credentials.
1.2. In the Management Console, the cluster id is displayed in the upper-right corner.
2.1. Log in to the Proofpoint Management Console with Admin user credentials.
2.2. In the Management Console, click Settings -> API Key Management.
2.3. Under API Key Management, click on the PoD Logging tab.
2.4. Get or create a new API key.
- Cluster Id: cluster_id
- API Key: API Key
- Click 'Connect' to establish connection